Dag-Erling Smørgrav writes:
> Can loginmsg at this point contain the "Last login" text? That one's
> unsafe since it contains the result of a reverse DNS lookup.

A quick check suggests it can't, and AFAICT the offending code runs in
the unprivileged child, so I really can't see how he exploited it.

Does anybody know what's going on?

Dag-Erling Smørgrav - des@des.no
openssh-unix-dev mailing list